Skip to content
Scalekit Docs
Go to Dashboard

Implement user login

log in is how users access your application after verifying their identity. For B2B applications, log in involves additional complexity as users may belong to multiple organizations and each organization may have different authentication requirements.

Here are some common log in use cases:

  • Multiple authentication methods: Users can choose different authentication methods to log in, such as passwordless, their choice of social login, or enterprise SSO.
  • Organization-enforced policies: Organization administrators can enforce log in policies, such as requiring specific authentication method for certain users or authenticating users through their identity provider.
  • Cross-organization access: A user can log in to access multiple organizations or workspaces within your application.
  • Invitation-based access: A user signs in for the first time after accepting an email invitation to join an organization.
  • Enterprise SSO integration: Users authenticate through their corporate identity provider (e.g., Okta, Azure AD) instead of traditional username/password.

Scalekit helps you implement all such signup flows while handling the complexity of user management and authentication.

Let’s get started!

  1. Install the Scalekit SDK

    Section titled “Install the Scalekit SDK”

    npm install @scalekit-sdk/node

    Copy your API credentials from the Scalekit dashboard’s API Config section and set them as environment variables.

    Terminal window
    SCALEKIT_ENVIRONMENT_URL='<YOUR_ENVIRONMENT_URL>'
    SCALEKIT_CLIENT_ID='<ENVIRONMENT_CLIENT_ID>'
    SCALEKIT_CLIENT_SECRET='<ENVIRONMENT_CLIENT_SECRET>'

    Create a new Scalekit client instance.

    utils/auth.js
    import { Scalekit } from '@scalekit-sdk/node';
    

    export let scalekit = new Scalekit(
      process.env.SCALEKIT_ENVIRONMENT_URL,
      process.env.SCALEKIT_CLIENT_ID,
      process.env.SCALEKIT_CLIENT_SECRET
    );

  2. Redirect to the login page

    Section titled “Redirect to the login page”

    Generate the authorization URL to redirect users to the Scalekit-hosted login page. To get a refreshToken for session management, ensure you include offline_access in the scopes.

    Express.js
    const redirectUri = 'http://localhost:3000/api/callback';
    const options = {
      scopes: ['openid', 'profile', 'email', 'offline_access'],
    };
    

    const authorizationUrl = scalekit.getAuthorizationUrl(redirectUri, options);
    

    

    res.redirect(authorizationUrl);

    This will redirect the user to Scalekit’s hosted sign-in page.

  3. Handle user authentication

    Section titled “Handle user authentication”

    Users can now log in using their preferred method. Scalekit handles the authentication details based on your configuration.

    Configure Authentication Methods Learn how to enable and customize passwordless, social, and enterprise SSO login options.

  4. Retrieve user profile

    Section titled “Retrieve user profile”

    After identity verification, Scalekit triggers a callback to your redirect_uri with an authorization code. Exchange this code to get the user’s profile.

    import scalekit from '@/utils/auth.js'
    const redirectUri = 'http://localhost:3000/api/callback';
    

    // Get the authorization code from the scalekit initiated callback
    app.get('/api/callback', async (req, res) => {
      const { code, error, error_description } = req.query;
    

      if (error) {
        return res.status(401).json({ error, error_description });
      }
    

      try {
        // Exchange the authorization code for a user profile
        const authResult = await scalekit.authenticateWithCode(
          code, redirectUri
        );
    

        const { user } = authResult;
    

        // "user" object contains the user's profile information
        // Next step: Create a session and log in the user
    5 collapsed lines
        res.redirect('/dashboard/profile');
      } catch (err) {
        console.error('Error exchanging code:', err);
        res.status(500).json({ error: 'Failed to authenticate user' });
      }
    });

    The authResult contains the user’s profile and the necessary tokens to create a session.

    View ID token in authResult
    ID Token (decoded JWT) example
      {
        "amr": [
          "conn_123456789012345678"
        ],
        "at_hash": "QwertyUioP",
        "aud": [
          "skc_987654321098765432"
        ],
        "azp": "skc_987654321098765432",
        "c_hash": "A1b2C3d4E5",
        "client_id": "skc_987654321098765432",
        "email": "john.doe@example.com",
        "email_verified": true,
        "exp": 1753441845,
        "family_name": "Doe",
        "given_name": "John",
        "iat": 1750849845,
        "iss": "http://example.localhost:8889",
        "name": "John Doe",
        "oid": "org_987654321098765432",
        "roles": [
          "member"
        ],
        "sid": "ses_987654321098765432",
        "sub": "usr_987654321098765432"
      }

  5. Create a user session

    Section titled “Create a user session”

    With the user’s identity verified, you can now establish a session. This typically involves storing the tokens securely and using them to manage the user’s authenticated state.

    const { accessToken, refreshToken, expiresIn } = authResult;
    

    // Store the refreshToken securely, e.g., in a database
    await db.saveRefreshToken(user.id, refreshToken);
    

    // Set the accessToken as a secure, HTTP-only cookie
    res.cookie('accessToken', accessToken, {
      maxAge: (expiresIn - 60) * 1000,
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'strict'
    });

What’s next?

Section titled “What’s next?”

You have successfully implemented the login flow. Now you can: